General

  • Target

    11def98517c93e2a955df827ed88a3a2.bin

  • Size

    18.7MB

  • MD5

    11def98517c93e2a955df827ed88a3a2

  • SHA1

    12d175a93a7b161bd8d4d6b489e95f15e34ad283

  • SHA256

    9a9ac0169117b67557d8ba9932d908df0df543542a649e16db365c2c4d9829cb

  • SHA512

    de189488e83e72ec79829325454584b452f3ebec54f81f9de804e590bd8e6f086c7709d504cc2b4e8a4e16fa27e64eedda963c51a60440bb71a9a842d8bd4130

  • SSDEEP

    393216:A2lbkeGJYGzcQBWCZ5rbfo0yAoRu0fDzsg4wTIxxqFSGUpDjC4RXBLs8nt0n:AZeGJR3IqWA+7zF4wTHYGUplBLsf

Score
10/10

Malware Config

Signatures

  • DCRat payload 2 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Dcrat family

Files

  • 11def98517c93e2a955df827ed88a3a2.bin
    .zip

    Password: infected

  • __MACOSX/dcrat/._a2719b1149f9c0b195701ccb3050b8bb6ae5facb1845f8b562bbe48b96c69a56.zip
  • __MACOSX/dcrat/._b49c294afa4366bf02faccce77dedf2c9ba3d4aa4073c13fe22bd202821d94e6.zip
  • __MACOSX/dcrat/._d3c18746bd2a2cb25e714a40be7a3e94d5bab0d924db7160ef8cc82a7f0848bc.zip
  • __MACOSX/dcrat/._e6b6a16d17784fdcb240af7ff962b014d7d61d391a99293c8d2fad5dc2805458.zip
  • dcrat/a2719b1149f9c0b195701ccb3050b8bb6ae5facb1845f8b562bbe48b96c69a56.zip
    .zip

    Password: infected

  • 8224386178.zip
    .zip

    Password: infected

  • a2719b1149f9c0b195701ccb3050b8bb6ae5facb1845f8b562bbe48b96c69a56
    .exe windows x86

    Password: infected

    fcf1390e9ce472c7270447fc5c61a0c1



  • dcrat/b49c294afa4366bf02faccce77dedf2c9ba3d4aa4073c13fe22bd202821d94e6.zip
    .zip

    Password: infected

  • tmp
    .exe windows x86

    Password: infected

    fcf1390e9ce472c7270447fc5c61a0c1



  • dcrat/d3c18746bd2a2cb25e714a40be7a3e94d5bab0d924db7160ef8cc82a7f0848bc.zip
    .zip

    Password: infected

  • tmp
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744



  • dcrat/e6b6a16d17784fdcb240af7ff962b014d7d61d391a99293c8d2fad5dc2805458.zip
    .zip

    Password: infected

  • e6b6a16d17784fdcb240af7ff962b014d7d61d391a99293c8d2fad5dc2805458
    .exe windows x86

    fcf1390e9ce472c7270447fc5c61a0c1

